
Bcrypt is a cross platform file encryption utility. Encrypted files are portable across all supported operating systems and processors. Passphrases must be between 8 and 56 characters and are hashed internally to a 448 bit key. However, all characters supplied are significant. The stronger your passphrase, the more secure your data.
In addition to encrypting your data, bcrypt will by default overwrite the original input file with random garbage three times before deleting it in order to thwart data recovery attempts by persons who may gain access to your computer. If you're not quite ready for this level of paranoia yet, see the installation instructions below for how to disable this feature. If you don't think this is paranoid enough.. see below.
Bcrypt uses the blowfish encryption algorithm published by Bruce Schneier in 1993. More information on the algorithm can be found at Counterpane. Specifically, bcrypt uses Paul Kocher's implementation of the algorithm. The source distributed with bcrypt has been slightly altered from the original. Original source code can be obtained from http://www.counterpane.com/bfsh-koc.zip.
Bcrypt has been successfully tested on the following platforms:
x86:
No other operating systems have been tested, but most should work with minimal modifications. If you get bcrypt to compile without errors on any other platform or architecture, I'd like to know about it. If patches are necessary to get bcrypt to work on your OS, I will try to incorporate them into the main distribution.
If you have a machine not listed above that is incapable of compiling bcrypt and are willing to give me access to the machine, I will make an attempt to port it to your OS.
Bcrypt 1.1 fixes a few minor bugs and adds support for many new operating systems. If you previously used 1.0 on an unsupported platform, you may not be able to decrypt any encrypted files you have. Alpha systems are known to have this problem. 32 bit systems should not have this problem. 64 bit systems probably do. If your system exhibits this problem, you should decrypt your files with 1.0 and reencrypt them with 1.1.
1.1 is immensely faster than 1.0. Additionally, it uses about 50% as much memory with compression turned off, or 66% with compression on.
Source code release:
zlib - http://www.gzip.org/zlib/
Win32 binary release:
zlib.dll - zlib-1.1.4-bin.zip
| Source Code: | bcrypt-1.1.tar.gz | GPG signature | bcrypt-1.1.tar.gz.asc |
| Win32 Binary: | bcrypt-1.1.zip | GPG signature | bcrypt-1.1.zip.asc |
The following files are copies of the LICENSE file that have been encrypted with the passphrase 'eggheads'. If you can decrypt both, then your installation should be compatible with any other supported systems.
bigendian.bfe
If you're so inclined, edit config.h and change the defaults to whatever you think is appropriate for your needs. If you choose not to have bcrypt remove input files after processing, or set SECUREDELETE to 0, you are likely to have data on your hard drive that can be recovered even after deletion. All of these options can be set on the command line as well.
When you're satisfied with the default settings, simply type:
make
then su and type:
make install
It would be wise to test the installation on a few unimportant files before encrypting anything you value, removing the only copy and overwriting it 127 times with garbage.
bcrypt [-orc][-sN] file ...
Encrypted files will be saved with an extension of .bfe. Any files ending in .bfe will be assumed to be encrypted with bcrypt, and bcrypt will attempt to decrypt them. Any other input files will be encrypted. If more than one type of file is given, bcrypt will process all files which are the same as the first filetype given.
By default, bcrypt will compress input files before encryption, remove input files after they are processed (assuming they are processed successfully) and overwrite input files with random data to prevent data recovery.
Passphrases may be between 8 and 56 characters. Regardless of the passphrase size, the key is hashed internally to 448 bits - the largest keysize supported by the blowfish algorithm. However, it is still wise to use a strong passphrase.
Options
| -o | print output to standard out. Implies -r. |
| -c | DO NOT compress files before encryption. |
| -r | DO NOT remove input files after processing |
| -sN | How many times to overwrite input files with random data before processing. The default number of overwrites is 3. Use -s0 to disable this feature. No effect if -r is supplied. |
The options o, c and r each have the opposite effect if the appropriate settings are altered from the default in config.h.
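What the default overwrite-then-remove behaviour and the -sN option amount to, shown as an added example in C that is not bcrypt's own source. The function name overwrite_and_remove and the use of /dev/urandom as the random source are assumptions; a pass count of 0 skips the overwrite and only removes the file, matching -s0.

```c
/* Added example, not bcrypt's source. The function name and the use of
 * /dev/urandom as the random source are assumptions. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Overwrite path `passes` times with random bytes, then unlink it.
 * Returns 0 on success, -1 on error (the file is kept on error). */
int overwrite_and_remove(const char *path, int passes)
{
    unsigned char buf[4096];
    struct stat st;
    int rc = -1;
    int fd = open(path, O_WRONLY);
    int rnd = open("/dev/urandom", O_RDONLY);

    if (fd < 0 || rnd < 0 || fstat(fd, &st) < 0)
        goto out;
    for (int p = 0; p < passes; p++) {
        off_t left = st.st_size;
        if (lseek(fd, 0, SEEK_SET) < 0)
            goto out;
        while (left > 0) {
            size_t n = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
            if (read(rnd, buf, n) != (ssize_t)n ||
                write(fd, buf, n) != (ssize_t)n)
                goto out;
            left -= (off_t)n;
        }
        if (fsync(fd) < 0) /* push this pass to disk before the next */
            goto out;
    }
    rc = 0;
out:
    if (fd >= 0) close(fd);
    if (rnd >= 0) close(rnd);
    if (rc == 0 && unlink(path) < 0)
        rc = -1;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s file passes\n", argv[0]); return 2; }
    return overwrite_and_remove(argv[1], atoi(argv[2])) == 0 ? 0 : 1;
}
```

In-place overwriting only reaches the original blocks on filesystems and devices that rewrite data where it lies; journaling or copy-on-write filesystems and flash storage with wear levelling can keep older copies that no number of passes touches.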
Encrypted files should be compatible between most systems. Binary compatibility has been tested for all systems listed above.
Bcrypt has a mailing list for support. You can subscribe at https://lists.sourceforge.net/lists/listinfo/bcrypt-users.
johnny shelley - core code and unix ports.
Philip Stolarczyk - native Win32 support and testing.
Copyright (c) 2002 Johnny Shelley
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the author nor any contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.